#!/data/data/com.termux/files/usr/bin/bash -e
###########################
#请勿使用该脚本用于非法行为
#该脚本最终解释权归汤圆本人所有
###########################
while true
do
clear
echo -e "\033[32m                 ~ Termux_Tools v2.6~ \033[0m"
echo -e "\033[34m            Make by TY汤圆&QQ1703417187 \033[0m"
echo -e "\033[34m           欢迎加入交流群𝑻𝒊𝒏𝒀•𝑺𝒆.群号751386568 \033[0m"
echo -e "\033[32m            [不需要Root] \033[31m[需要Root]"
echo -e "\033[32m 1 > \033[0m在Termux中安装Nethunter_full[KALI]"
echo -e "\033[32m 2 > \033[0m在Termux中安装Nethunter_minimal[KALI]"
echo -e "\033[31m 3 > \033[0m解压Nethunter_kalifs数据包"
echo -e "\033[31m 4 > \033[0m解压ANDRAX_V5_andraxcore数据包"
echo -e "\033[31m 5 > \033[0m启动Nethunter"
echo -e "\033[31m 6 > \033[0m配置Bashrc文件.自启动Nethunter[无损完美启动]"
echo -e "\033[31m 7 > \033[0m退出"
sleep 0.2
read -p "Shell >> " num
if [[ $num == '1' ]] ; then
echo -e "\033[33m[ * ]\033[0m正在更新系统..."
apt update
echo -e "\033[33m[ * ]\033[0m正在检查文件储存权限..."
termux-setup-storage
echo -e "\033[33m[ * ]\033[0m开始安装wget..."
apt install wget
VERSION=2020011601
BASE_URL=https://build.nethunter.com/kalifs/kalifs-latest
#https://kali.download/nethunter-images/current/rootfs
USERNAME=kali
function unsupported_arch() {
    printf "${red}"
    echo "[*] 不支持在该架构上运行\n\n"
    printf "${reset}"
    exit
}
function ask() {
    while true; do
        if [ "${2:-}" = "Y" ]; then
            prompt="Y/n"
            default=Y
        elif [ "${2:-}" = "N" ]; then
            prompt="y/N"
            default=N
        else
            prompt="y/n"
            default=
        fi
        # Ask the question
        printf "${light_cyan}\n[?] "
        read -p "$1 [$prompt] " REPLY
        # Default?
        if [ -z "$REPLY" ]; then
            REPLY=$default
        fi
        printf "${reset}"
        # Check if the reply is valid
        case "$REPLY" in
            Y*|y*) return 0 ;;
            N*|n*) return 1 ;;
        esac
    done
}
function get_arch() {
    printf "${blue}[*] 检查设备架构中 ..."
    case $(getprop ro.product.cpu.abi) in
        arm64-v8a)
            SYS_ARCH=arm64
            ;;
        armeabi|armeabi-v7a)
            SYS_ARCH=arm64
            ;;
        *)
            unsupported_arch
            ;;
    esac
}
function set_strings() {
    CHROOT=kali-${SYS_ARCH}
    IMAGE_NAME=kalifs-${SYS_ARCH}-full.tar.xz
    SHA_NAME=kalifs-${SYS_ARCH}-full.sha512sum
}    
function prepare_fs() {
    unset KEEP_CHROOT
    if [ -d ${CHROOT} ]; then
        if ask "找到了现有的rootfs目录,是否删除并新建一个?" "N"; then
            rm -rf ${CHROOT}
        else
            KEEP_CHROOT=1
        fi
    fi
} 
function cleanup() {
    if [ -f ${IMAGE_NAME} ]; then
        if ask "是否删除下载的rootfs文件?" "N"; then
	    if [ -f ${IMAGE_NAME} ]; then
                rm -f ${IMAGE_NAME}
	    fi
	    if [ -f ${SHA_NAME} ]; then
                rm -f ${SHA_NAME}
	    fi
        fi
    fi
} 

function check_dependencies() {
    printf "${blue}\n[*] 正在检查包依赖项...${reset}\n"
    apt update -y &> /dev/null

    for i in proot tar axel; do
        if [ -e $PREFIX/bin/$i ]; then
            echo "$i可以正常运行"
        else
            printf "正在安装${i}...\n"
            apt install -y $i || {
                printf "${red}错误: 安装包出错\n 退出.\n${reset}"
	        exit
            }
        fi
    done
    apt upgrade -y
}


function get_url() {
    ROOTFS_URL="${BASE_URL}/${IMAGE_NAME}"
    SHA_URL="${BASE_URL}/${SHA_NAME}"
}

function get_rootfs() {
    unset KEEP_IMAGE
    if [ -f ${IMAGE_NAME} ]; then
        if ask "找到现有kali文件.删除并下载新的？" "N"; then
            rm -f ${IMAGE_NAME}
        else
            printf "${yellow}[!] Using existing rootfs archive${reset}\n"
            KEEP_IMAGE=1
            return
        fi
    fi
    printf "${blue}[*] 下载rootfs中...${reset}\n\n"
    get_url
    axel ${EXTRA_ARGS} --alternate "$ROOTFS_URL"
}

function get_sha() {
    if [ -z $KEEP_IMAGE ]; then
        printf "\n${blue}[*] 正在获取SHA ... ${reset}\n\n"
        get_url
        if [ -f ${SHA_NAME} ]; then
            rm -f ${SHA_NAME}
        fi
        axel ${EXTRA_ARGS} --alternate "${SHA_URL}"
    fi
}

function verify_sha() {
    if [ -z $KEEP_IMAGE ]; then
        printf "\n${blue}[*] 正在验证rootfs的完整性...${reset}\n\n"
        sha512sum -c $SHA_NAME || {
            printf "${red} Rootfs文件已损坏.请再次运行此安装程序或手动下载文件\n${reset}"
            exit 1
        }
    fi
}

function extract_rootfs() {
    if [ -z $KEEP_CHROOT ]; then
        printf "\n${blue}[*] 正在从rootfs中提取文件... ${reset}\n\n"
        proot --link2symlink tar -xf $IMAGE_NAME 2> /dev/null || :
    else        
        printf "${yellow}[!] 使用现有的rootfs目录${reset}\n"
    fi
}


function create_launcher() {
    NH_LAUNCHER=${PREFIX}/bin/nethunter
    NH_SHORTCUT=${PREFIX}/bin/nh
    cat > $NH_LAUNCHER <<- EOF
#!/data/data/com.termux/files/usr/bin/bash -e
cd \${HOME}
## termux-exec sets LD_PRELOAD so let's unset it before continuing
unset LD_PRELOAD
## Workaround for Libreoffice, also needs to bind a fake /proc/version
if [ ! -f $CHROOT/root/.version ]; then
    touch $CHROOT/root/.version
fi

## Default user is "kali"
user="$USERNAME"
home="/home/\$user"
start="sudo -u kali /bin/bash"

## NH can be launched as root with the "-r" cmd attribute
## Also check if user kali exists, if not start as root
if grep -q "kali" ${CHROOT}/etc/passwd; then
    KALIUSR="1";
else
    KALIUSR="0";
fi
if [[ \$KALIUSR == "0" || ("\$#" != "0" && ("\$1" == "-r" || "\$1" == "-R")) ]];then
    user="root"
    home="/\$user"
    start="/bin/bash --login"
    if [[ "\$#" != "0" && ("\$1" == "-r" || "\$1" == "-R") ]];then
        shift
    fi
fi

cmdline="proot \\
        --link2symlink \\
        -0 \\
        -r $CHROOT \\
        -b /dev \\
        -b /proc \\
        -b $CHROOT\$home:/dev/shm \\
        -w \$home \\
           /usr/bin/env -i \\
           HOME=\$home \\
           PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin \\
           TERM=\$TERM \\
           LANG=C.UTF-8 \\
           \$start"

cmd="\$@"
if [ "\$#" == "0" ];then
    exec \$cmdline
else
    \$cmdline -c "\$cmd"
fi
EOF

    chmod 700 $NH_LAUNCHER
    if [ -L ${NH_SHORTCUT} ]; then
        rm -f ${NH_SHORTCUT}
    fi
    if [ ! -f ${NH_SHORTCUT} ]; then
        ln -s ${NH_LAUNCHER} ${NH_SHORTCUT} >/dev/null
    fi
   
}

function create_kex_launcher() {
    KEX_LAUNCHER=${CHROOT}/usr/bin/kex
    cat > $KEX_LAUNCHER <<- EOF
#!/bin/bash

function start-kex() {
    if [ ! -f ~/.vnc/passwd ]; then
        passwd-kex
    fi
    USR=\$(whoami)
    if [ \$USR == "root" ]; then
        SCREEN=":2"
    else
        SCREEN=":1"
    fi 
    export HOME=\${HOME}; export USER=\${USR}; LD_PRELOAD=/usr/lib/aarch64-linux-gnu/libgcc_s.so.1 nohup vncserver \$SCREEN >/dev/null 2>&1 </dev/null
    starting_kex=1
    return 0
}

function stop-kex() {
    vncserver -kill :1 | sed s/"Xtigervnc"/"NetHunter KeX"/
    vncserver -kill :2 | sed s/"Xtigervnc"/"NetHunter KeX"/
    return $?
}

function passwd-kex() {
    vncpasswd
    return $?
}

function status-kex() {
    sessions=\$(vncserver -list | sed s/"TigerVNC"/"NetHunter KeX"/)
    if [[ \$sessions == *"590"* ]]; then
        printf "\n\${sessions}\n"
        printf "\n你可以使用KeX客户端连接到这些可视化界面\n\n"
    else
        if [ ! -z \$starting_kex ]; then
            printf '\n启动KeX服务器时出错.\n请尝试执行“netunter kex kill”或重新启动termux会话并重试.\n\n'
        fi
    fi
    return 0
}

function kill-kex() {
    pkill Xtigervnc
    return \$?
}

case \$1 in
    start)
        start-kex
        ;;
    stop)
        stop-kex
        ;;
    status)
        status-kex
        ;;
    passwd)
        passwd-kex
        ;;
    kill)
        kill-kex
        ;;
    *)
        stop-kex
        start-kex
        status-kex
        ;;
esac
EOF

    chmod 700 $KEX_LAUNCHER
}

function fix_profile_bash() {
    ## Prevent attempt to create links in read only filesystem
    if [ -f ${CHROOT}/root/.bash_profile ]; then
        sed -i '/if/,/fi/d' "${CHROOT}/root/.bash_profile"
    fi
}

function fix_sudo() {
    ## fix sudo & su on start
    chmod +s $CHROOT/usr/bin/sudo
    chmod +s $CHROOT/usr/bin/su
	echo "kali    ALL=(ALL:ALL) ALL" > $CHROOT/etc/sudoers.d/kali

    # https://bugzilla.redhat.com/show_bug.cgi?id=1773148
    echo "Set disable_coredump false" > $CHROOT/etc/sudo.conf
}

function fix_uid() {
    ## Change kali uid and gid to match that of the termux user
    USRID=$(id -u)
    GRPID=$(id -g)
    nh -r usermod -u $USRID kali 2>/dev/null
    nh -r groupmod -g $GRPID kali 2>/dev/null
}

function print_banner() {
    clear
    printf "${blue}##################################################\n"
    printf "${blue}##                                              ##\n"
    printf "${blue}##  88      a8P         db        88        88  ##\n"
    printf "${blue}##  88    .88'         d88b       88        88  ##\n"
    printf "${blue}##  88   88'          d8''8b      88        88  ##\n"
    printf "${blue}##  88 d88           d8'  '8b     88        88  ##\n"
    printf "${blue}##  8888'88.        d8YaaaaY8b    88        88  ##\n"
    printf "${blue}##  88P   Y8b      d8''''''''8b   88        88  ##\n"
    printf "${blue}##  88     '88.   d8'        '8b  88        88  ##\n"
    printf "${blue}##  88       Y8b d8'          '8b 888888888 88  ##\n"
    printf "${blue}##                                              ##\n"
    printf "${blue}####  ############# NetHunter ####################${reset}\n\n"
}


##################################
##              Main            ##

# Add some colours
red='\033[1;31m'
green='\033[1;32m'
yellow='\033[1;33m'
blue='\033[1;34m'
light_cyan='\033[1;96m'
reset='\033[0m'

EXTRA_ARGS=""
if [[ ! -z $1 ]]; then
    EXTRA_ARGS=$1
    if [[ $EXTRA_ARGS != "--insecure" ]]; then
        EXTRA_ARGS=""
    fi
fi

cd $HOME
print_banner
get_arch
set_strings
prepare_fs
check_dependencies
get_rootfs
get_sha
verify_sha
extract_rootfs
create_launcher
cleanup

printf "\n${blue}[*] 正在为Termux上的Nethunter进行配置 ...\n"
fix_profile_bash
fix_sudo
create_kex_launcher
fix_uid

print_banner
printf "${green}[=] 成功在Termux上安装Nethunter${reset}\n\n"
printf "${green}[+] 启动NetHunter:${reset}\n"
printf "${green}[+] nh -r kex passwd  # 修改vnc密码${reset}\n"
printf "${green}[+] nh -r kex &       # 启动vnc桌面${reset}\n"
printf "${green}[+] nh -r kex stop    # 关闭vnc桌面${reset}\n"
printf "${green}[+] nh -r             # 启动root kali终端${reset}\n\n"
printf "[+]恭喜你成功安装了kali~"
elif [[ $num == '2' ]] ; then
echo -e "\033[33m[ * ]\033[0m正在更新系统..."
apt update
echo -e "\033[33m[ * ]\033[0m正在检查文件储存权限..."
termux-setup-storage
echo -e "\033[33m[ * ]\033[0m开始安装wget..."
apt install wget
VERSION=2020011601
BASE_URL=https://build.nethunter.com/kalifs/kalifs-latest
#https://kali.download/nethunter-images/current/rootfs
USERNAME=kali
function unsupported_arch() {
    printf "${red}"
    echo "[*] 不支持在该架构上运行\n\n"
    printf "${reset}"
    exit
}
function ask() {
    while true; do
        if [ "${2:-}" = "Y" ]; then
            prompt="Y/n"
            default=Y
        elif [ "${2:-}" = "N" ]; then
            prompt="y/N"
            default=N
        else
            prompt="y/n"
            default=
        fi
        # Ask the question
        printf "${light_cyan}\n[?] "
        read -p "$1 [$prompt] " REPLY
        # Default?
        if [ -z "$REPLY" ]; then
            REPLY=$default
        fi
        printf "${reset}"
        # Check if the reply is valid
        case "$REPLY" in
            Y*|y*) return 0 ;;
            N*|n*) return 1 ;;
        esac
    done
}
function get_arch() {
    printf "${blue}[*] 检查设备架构中 ..."
    case $(getprop ro.product.cpu.abi) in
        arm64-v8a)
            SYS_ARCH=arm64
            ;;
        armeabi|armeabi-v7a)
            SYS_ARCH=arm64
            ;;
        *)
            unsupported_arch
            ;;
    esac
}
function set_strings() {
    CHROOT=kali-${SYS_ARCH}
    IMAGE_NAME=kalifs-${SYS_ARCH}-minimal.tar.xz
    SHA_NAME=kalifs-${SYS_ARCH}-minimal.sha512sum
}    
function prepare_fs() {
    unset KEEP_CHROOT
    if [ -d ${CHROOT} ]; then
        if ask "找到了现有的rootfs目录,是否删除并新建一个?" "N"; then
            rm -rf ${CHROOT}
        else
            KEEP_CHROOT=1
        fi
    fi
} 
function cleanup() {
    if [ -f ${IMAGE_NAME} ]; then
        if ask "是否删除下载的rootfs文件?" "N"; then
	    if [ -f ${IMAGE_NAME} ]; then
                rm -f ${IMAGE_NAME}
	    fi
	    if [ -f ${SHA_NAME} ]; then
                rm -f ${SHA_NAME}
	    fi
        fi
    fi
} 

function check_dependencies() {
    printf "${blue}\n[*] 正在检查包依赖项...${reset}\n"
    apt update -y &> /dev/null

    for i in proot tar axel; do
        if [ -e $PREFIX/bin/$i ]; then
            echo "$i可以正常运行"
        else
            printf "正在安装${i}...\n"
            apt install -y $i || {
                printf "${red}错误: 安装包出错\n 退出.\n${reset}"
	        exit
            }
        fi
    done
    apt upgrade -y
}


function get_url() {
    ROOTFS_URL="${BASE_URL}/${IMAGE_NAME}"
    SHA_URL="${BASE_URL}/${SHA_NAME}"
}

function get_rootfs() {
    unset KEEP_IMAGE
    if [ -f ${IMAGE_NAME} ]; then
        if ask "找到现有kali文件.删除并下载新的？" "N"; then
            rm -f ${IMAGE_NAME}
        else
            printf "${yellow}[!] Using existing rootfs archive${reset}\n"
            KEEP_IMAGE=1
            return
        fi
    fi
    printf "${blue}[*] 下载rootfs中...${reset}\n\n"
    get_url
    axel ${EXTRA_ARGS} --alternate "$ROOTFS_URL"
}

function get_sha() {
    if [ -z $KEEP_IMAGE ]; then
        printf "\n${blue}[*] 正在获取SHA ... ${reset}\n\n"
        get_url
        if [ -f ${SHA_NAME} ]; then
            rm -f ${SHA_NAME}
        fi
        axel ${EXTRA_ARGS} --alternate "${SHA_URL}"
    fi
}

function verify_sha() {
    if [ -z $KEEP_IMAGE ]; then
        printf "\n${blue}[*] 正在验证rootfs的完整性...${reset}\n\n"
        sha512sum -c $SHA_NAME || {
            printf "${red} Rootfs文件已损坏.请再次运行此安装程序或手动下载文件\n${reset}"
            exit 1
        }
    fi
}

function extract_rootfs() {
    if [ -z $KEEP_CHROOT ]; then
        printf "\n${blue}[*] 正在从rootfs中提取文件... ${reset}\n\n"
        proot --link2symlink tar -xf $IMAGE_NAME 2> /dev/null || :
    else        
        printf "${yellow}[!] 使用现有的rootfs目录${reset}\n"
    fi
}


function create_launcher() {
    NH_LAUNCHER=${PREFIX}/bin/nethunter
    NH_SHORTCUT=${PREFIX}/bin/nh
    cat > $NH_LAUNCHER <<- EOF
#!/data/data/com.termux/files/usr/bin/bash -e
cd \${HOME}
## termux-exec sets LD_PRELOAD so let's unset it before continuing
unset LD_PRELOAD
## Workaround for Libreoffice, also needs to bind a fake /proc/version
if [ ! -f $CHROOT/root/.version ]; then
    touch $CHROOT/root/.version
fi

## Default user is "kali"
user="$USERNAME"
home="/home/\$user"
start="sudo -u kali /bin/bash"

## NH can be launched as root with the "-r" cmd attribute
## Also check if user kali exists, if not start as root
if grep -q "kali" ${CHROOT}/etc/passwd; then
    KALIUSR="1";
else
    KALIUSR="0";
fi
if [[ \$KALIUSR == "0" || ("\$#" != "0" && ("\$1" == "-r" || "\$1" == "-R")) ]];then
    user="root"
    home="/\$user"
    start="/bin/bash --login"
    if [[ "\$#" != "0" && ("\$1" == "-r" || "\$1" == "-R") ]];then
        shift
    fi
fi

cmdline="proot \\
        --link2symlink \\
        -0 \\
        -r $CHROOT \\
        -b /dev \\
        -b /proc \\
        -b $CHROOT\$home:/dev/shm \\
        -w \$home \\
           /usr/bin/env -i \\
           HOME=\$home \\
           PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin \\
           TERM=\$TERM \\
           LANG=C.UTF-8 \\
           \$start"

cmd="\$@"
if [ "\$#" == "0" ];then
    exec \$cmdline
else
    \$cmdline -c "\$cmd"
fi
EOF

    chmod 700 $NH_LAUNCHER
    if [ -L ${NH_SHORTCUT} ]; then
        rm -f ${NH_SHORTCUT}
    fi
    if [ ! -f ${NH_SHORTCUT} ]; then
        ln -s ${NH_LAUNCHER} ${NH_SHORTCUT} >/dev/null
    fi
   
}

function create_kex_launcher() {
    KEX_LAUNCHER=${CHROOT}/usr/bin/kex
    cat > $KEX_LAUNCHER <<- EOF
#!/bin/bash

function start-kex() {
    if [ ! -f ~/.vnc/passwd ]; then
        passwd-kex
    fi
    USR=\$(whoami)
    if [ \$USR == "root" ]; then
        SCREEN=":2"
    else
        SCREEN=":1"
    fi 
    export HOME=\${HOME}; export USER=\${USR}; LD_PRELOAD=/usr/lib/aarch64-linux-gnu/libgcc_s.so.1 nohup vncserver \$SCREEN >/dev/null 2>&1 </dev/null
    starting_kex=1
    return 0
}

function stop-kex() {
    vncserver -kill :1 | sed s/"Xtigervnc"/"NetHunter KeX"/
    vncserver -kill :2 | sed s/"Xtigervnc"/"NetHunter KeX"/
    return $?
}

function passwd-kex() {
    vncpasswd
    return $?
}

function status-kex() {
    sessions=\$(vncserver -list | sed s/"TigerVNC"/"NetHunter KeX"/)
    if [[ \$sessions == *"590"* ]]; then
        printf "\n\${sessions}\n"
        printf "\n你可以使用KeX客户端连接到这些可视化界面\n\n"
    else
        if [ ! -z \$starting_kex ]; then
            printf '\n启动KeX服务器时出错.\n请尝试执行“netunter kex kill”或重新启动termux会话并重试.\n\n'
        fi
    fi
    return 0
}

function kill-kex() {
    pkill Xtigervnc
    return \$?
}

case \$1 in
    start)
        start-kex
        ;;
    stop)
        stop-kex
        ;;
    status)
        status-kex
        ;;
    passwd)
        passwd-kex
        ;;
    kill)
        kill-kex
        ;;
    *)
        stop-kex
        start-kex
        status-kex
        ;;
esac
EOF

    chmod 700 $KEX_LAUNCHER
}

function fix_profile_bash() {
    ## Prevent attempt to create links in read only filesystem
    if [ -f ${CHROOT}/root/.bash_profile ]; then
        sed -i '/if/,/fi/d' "${CHROOT}/root/.bash_profile"
    fi
}

function fix_sudo() {
    ## fix sudo & su on start
    chmod +s $CHROOT/usr/bin/sudo
    chmod +s $CHROOT/usr/bin/su
	echo "kali    ALL=(ALL:ALL) ALL" > $CHROOT/etc/sudoers.d/kali

    # https://bugzilla.redhat.com/show_bug.cgi?id=1773148
    echo "Set disable_coredump false" > $CHROOT/etc/sudo.conf
}

function fix_uid() {
    ## Change kali uid and gid to match that of the termux user
    USRID=$(id -u)
    GRPID=$(id -g)
    nh -r usermod -u $USRID kali 2>/dev/null
    nh -r groupmod -g $GRPID kali 2>/dev/null
}

function print_banner() {
    clear
    printf "${blue}##################################################\n"
    printf "${blue}##                                              ##\n"
    printf "${blue}##  88      a8P         db        88        88  ##\n"
    printf "${blue}##  88    .88'         d88b       88        88  ##\n"
    printf "${blue}##  88   88'          d8''8b      88        88  ##\n"
    printf "${blue}##  88 d88           d8'  '8b     88        88  ##\n"
    printf "${blue}##  8888'88.        d8YaaaaY8b    88        88  ##\n"
    printf "${blue}##  88P   Y8b      d8''''''''8b   88        88  ##\n"
    printf "${blue}##  88     '88.   d8'        '8b  88        88  ##\n"
    printf "${blue}##  88       Y8b d8'          '8b 888888888 88  ##\n"
    printf "${blue}##                                              ##\n"
    printf "${blue}####  ############# NetHunter ####################${reset}\n\n"
}


##################################
##              Main            ##

# Add some colours
red='\033[1;31m'
green='\033[1;32m'
yellow='\033[1;33m'
blue='\033[1;34m'
light_cyan='\033[1;96m'
reset='\033[0m'

EXTRA_ARGS=""
if [[ ! -z $1 ]]; then
    EXTRA_ARGS=$1
    if [[ $EXTRA_ARGS != "--insecure" ]]; then
        EXTRA_ARGS=""
    fi
fi

cd $HOME
print_banner
get_arch
set_strings
prepare_fs
check_dependencies
get_rootfs
get_sha
verify_sha
extract_rootfs
create_launcher
cleanup

printf "\n${blue}[*] 正在为Termux上的Nethunter进行配置 ...\n"
fix_profile_bash
fix_sudo
create_kex_launcher
fix_uid

print_banner
printf "${green}[=] 成功在Termux上安装Nethunter${reset}\n\n"
printf "${green}[+] 启动NetHunter:${reset}\n"
printf "${green}[+] nh -r kex passwd  # 修改vnc密码${reset}\n"
printf "${green}[+] nh -r kex &       # 启动vnc桌面${reset}\n"
printf "${green}[+] nh -r kex stop    # 关闭vnc桌面${reset}\n"
printf "${green}[+] nh -r             # 启动root kali终端${reset}\n\n"
printf "[+]恭喜你成功安装了kali~"
elif [[ $num == '3' ]] ; then
read "请输入Nethunter数据包路径[/storage/emulated/0/kalifs-arm64-full.tar.xz]: " nethunter && su -c busybox tar -xvJf $nethuntet -C /data/local/nhsystem/
echo -e "\033[32m[ + ]\033[0m运行成功~"
sleep 3
elif [[ $num == '4' ]] ; then
read "请输入ANDRAX_V5数据包路径[/storage/emulated/0/andraxcore.tar.xz]: " andrax && su -c mkdir /data/data/com.thecrackertechnology.andrax/ANDRAX/ && su -c busybox tar -xvJf $andrax -C /data/data/com.thecrackertechnology.andrax/tmpsystem/
echo -e "\033[32m[ + ]\033[0m运行成功~"
sleep 3
elif [[ $num == '5' ]] ; then
unset PREFIX && unset TMPDIR && unset BOOTCLASSPATH && su -c bootkali
echo -e "\033[32m[ + ]\033[0m运行成功~"
sleep 3
elif [[ $num == '6' ]] ; then
cat >> /data/data/com.termux/files/home/.bashrc <<EOF
read -p "是否启动Nethunter?[y/N]:" answer
EOF
echo 'if [[ $answer == "y" ]]' >> /data/data/com.termux/files/home/.bashrc
cat >> /data/data/com.termux/files/home/.bashrc <<EOF
then
unset PREFIX
unset TMPDIR
unset BOOTCLASSPATH
su -c bootkali
fi
EOF
echo -e "\033[32m[ + ]\033[0m成功运行~"
sleep 3
elif [[ $num == '7' ]] ; then echo -e "\033[33m[ * ]\033[0m退出~" && break
fi
done